Information Technology Security George Mason University

A major problem, which is not limited to George Mason, is SPAM: unsolicited email, usually commercial in nature. The question usually asked is: can't George Mason block SPAM from my inbox? Since the majority of spammers are illegally using other sites to send out their advertisements, they typically don't post from the same place twice. In addition, spammers are aware that people will try to set up filters to block their messages. Spammers will alter the look (contents) and headers (to, from, subject lines) each time in order to get around filters. It is difficult to perform content filtering without introducing the strong possibility of filtering out legitimate e-mail. The ITU continues to look for ways to stop as much spam as possible from entering the network.

SPAM Prevention

HOW DO I GET ON BULK EMAIL (SPAM) LISTS? 

There are a number of different ways that our addresses can be obtained by spammers eager to advertise their wares. This paper will outline some of these methods along with advice on preventing or minimizing our chances of receiving spam. Since spammers are always looking out for new ways to get the word out, this paper is in no way a complete list of their tricks. In addition, there is no guaranteed way that we can avoid being placed on someone’s mailing list without severely limiting our ability to effectively utilize the Internet.

PRODUCT/SITE REGISTRATION

Many vendor services on the net (online ordering, browsing a catalog, subscribing to a service) require us to create an account with that vendor and supply them with demographic and personal information, including an email address. Once you have set up your account, the vendor has all the information they need to contact you. While many vendors will allow you to select what type of information you will receive from them, some vendors will deem information “important” and will send it to you anyway, or they will provide this information to their third party partners. A word of caution about vendors who say they will not provide your information to another party – this doesn’t mean they won’t send you information on the third party’s behalf (either by allowing them to send email via their mailing list or using their own name and saying something like “…since you bought our product, we thought this might interest you…”).

In addition, many products allow for online registration so the vendor can keep us informed of product changes or warranty issues. It is common practice for vendors to use product and warranty registrations for mass marketing purposes.

NEWSGROUP/LIST POSTING

Many advertising companies have software that will scan Usenet newsgroup postings for valid email addresses. In addition, improperly configured mailing list software, and automated mailing lists, may allow someone to obtain an electronic copy of the subscribers list and use that to form a mailing list. An improperly configured mailing list may also allow someone (a spammer) to send email to the list without being a subscriber.

BROWSER SETTINGS

If you use the same client for reading email and surfing the net, web sites can obtain your email address settings via software run from their website. Many search engines use this technique in order to track sites visited as a result of our searches as well as to provide info to their paying subscribers (advertisers).

BRUTE FORCE

Another technique spammers use is the brute force method (or random method, depending on how you look at it). They have a list of common names and userids and they simply try all of those addresses at a site. A small percentage will turn out to be valid (every site probably has a jsmith or jjones) and some percent of those users will respond. Another technique used for very large sites is to try random addresses – jsmitha, smith, john_smith, john.smith, and hope to find some valid addresses. This technique becomes ineffective when the site admin notices the large amount of traffic this is generating and cuts off the spam site.
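
The admin-side detection mentioned above, as an added example that is not part of the original paper: it counts how many distinct unknown recipients each client tries within a short window. The Postfix log format, the example.edu addresses, the threshold and the window are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Postfix smtpd "User unknown" reject line (the MTA is an assumption, not from the page).
REJECT = re.compile(
    r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 5\.1\.1 <([^>]+)>: .*User unknown")

def _reject(ts, ip, rcpt):
    """Build one constructed sample log line."""
    return (f"Aug 28 {ts} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<a@bulk.example> "
            f"to=<{rcpt}> proto=ESMTP helo=<bulk.example>")

# Constructed sample: one client guessing names, one sender with a single typo.
SAMPLE_LOG = [
    _reject("10:00:01", "203.0.113.7", "jsmitha@example.edu"),
    _reject("10:00:02", "203.0.113.7", "smith@example.edu"),
    _reject("10:00:02", "203.0.113.7", "john_smith@example.edu"),
    _reject("10:00:03", "203.0.113.7", "john.smith@example.edu"),
    _reject("10:00:04", "203.0.113.7", "jjonesx@example.edu"),
    _reject("10:05:00", "198.51.100.20", "jsmtih@example.edu"),
    "Aug 28 10:06:00 mx1 postfix/smtpd[2101]: connect from mail.example.org[192.0.2.10]",
]

def find_harvesters(lines, threshold=4, window=60):
    """Return {ip: max distinct unknown recipients tried within `window` seconds}
    for every client that reaches `threshold`."""
    events = defaultdict(list)
    for line in lines:
        m = REJECT.match(line)
        if m:
            h, mi, s, ip, rcpt = m.groups()
            events[ip].append((int(h) * 3600 + int(mi) * 60 + int(s), rcpt.lower()))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = 0
        for i, (start, _) in enumerate(evs):
            # Distinct recipients rejected in the window opening at this event.
            seen = {r for t, r in evs[i:] if t - start <= window}
            best = max(best, len(seen))
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, n in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {n} unknown recipients within 60s")
```

Counting distinct recipients rather than raw rejects keeps a legitimate sender who retries one mistyped address below the threshold.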

AN INSIDE JOB

Spammers love University sites because many of them run the Unix operating system. The Unix operating system requires that a public file called /etc/passwd be readable by all users – this file is a list of valid accounts on the system and is used by the operating system for various authentication tasks. Since everyone on the system has an email address, the spammer has a list of valid email addresses. The Mason Cluster is running the Unix operating system and a copy of /etc/passwd can be lucrative to a student looking to make a few dollars. There was a case a number of years back where a competitor to the GMU bookstore had an employee who was a student here obtain a copy of this file and they used it to solicit business from our students.

AVOIDING SPAM

There is no single way to avoid getting placed on someone’s mailing list. However, there are some ways to minimize spam as it relates to your primary email account.

If you’re not truly interested in receiving mail from vendors but still need to use their services, obtain a second account from one of the free services like Hotmail and use that address when doing product registrations. In addition, where vendors allow you to choose what, if any, mail you receive from them, select the option to not be contacted. And make sure to choose any options that specify that your address info is not to be shared. The reputable vendors will honor such requests. If not necessary, do not supply an email address.

If you’re an active participant in online chats, newsgroups, and mailing lists, the chance of receiving spam is inherent with the use of these services. If possible, have a separate account for postings to these groups although this is inconvenient if you’re very active or it’s a high traffic group or list.

If possible, use separate clients for email and surfing the web. This is problematic at George Mason since we support both the Netscape browser and email client. Another option is to disable JavaScript and/or cookies so that programs to extract information about you cannot be executed. However, be cautious because a number of sites also use JavaScript and cookies in order to function and disabling these features may prevent you from using their site.

If you do receive spam and they offer a link to “remove yourself from future mailings”, do not click on this link. A reputable site will remove you from their mailing list but less-reputable sites use this as a means to determine that they found a legitimate address and in some cases this will cause you to be added to even more spam mailing lists. 

THE TRADE-OFF

It is fairly obvious from reading this paper that there’s a big trade-off to be considered. The more we use the Internet, the more we increase the chance that a spammer is going to obtain our address. With the exception of a few, most of the steps required to keep us from receiving spam will also limit how we can use the Internet. 

The term spammer has been used to refer to those vendors who use the Internet to advertise their wares and who have no interest in honoring our requests not to receive their information. Spammers will often seek out illicit means for getting their word out, such as seeking open mail relays (so that their posts come via an unsuspecting source), including forged information in the mail header (the From line may be your address, for example – this is easy to do with the software that spammers use and does not mean that they can get into your mailbox), and using tantalizing subject lines (here’s the info on your order, free gift, urgent message, etc). Since spammers send out so much mail, they are only looking for that tiny percentage of people responding back to give them the return on investment they are looking for.

Authored by Tracy Holt, TSD, Manager Email Systems & Accounts
Contact: Curtis McNay, Director IT Security | Updated August 28, 2007